HTTP Nodes to use SSL on AIX |
Author |
Message
|
venkat kurra |
Posted: Fri Jul 14, 2006 2:59 pm Post subject: HTTP Nodes to use SSL on AIX |
|
|
 Master
Joined: 18 Oct 2001 Posts: 245 Location: Bloomington , IL
|
I need to fix an SSL configuration issue on AIX for Message Broker v6.0. I just followed the IBM documentation as shown below,
http://publib.boulder.ibm.com/infocenter/wmbhelp/v6r0m0/index.jsp?topic=/com.ibm.etools.mft.doc/ap12234_.htm
At the very beginning I deployed an httpinput-->httpreply flow without SSL and tested HTTP successfully (to make sure there were no firewall issues to 7880).
I deleted http flow.
I stopped broker and re-started to free up 7880 (just a guess).
Created keystore file on AIX.
$ ./keytool -genkey -keypass mypasswd -keystore /home/wmqi/.keystore -alias tomcat
Enter keystore password: mypasswd
What is your first and last name?
[Unknown]: venkat kurra
What is the name of your organizational unit?
[Unknown]: myorgunit
What is the name of your organization?
[Unknown]: myorg
What is the name of your City or Locality?
[Unknown]: mycity
What is the name of your State or Province?
[Unknown]: il
What is the two-letter country code for this unit?
[Unknown]: us
Is CN=venkat kurra, OU=myorgunit, O=myorg, L=mycity, ST=il, C=us correct? (type "yes" or "no")
[no]: yes
Run the following commands on WMB broker
mqsichangeproperties BROKER -b httplistener -o HTTPListener -n enableSSLConnector -v true
mqsichangeproperties BROKER -b httplistener -o HTTPSConnector -n keystoreFile -v /home/wmqi/.keystore
mqsichangeproperties BROKER -b httplistener -o HTTPSConnector -n keystorePass -v mypasswd
mqsichangeproperties BROKER -b httplistener -o HTTPSConnector -n port -v 7880
I deployed an HTTP flow after selecting the SSL option in the httpinput node. I am testing from my workstation and used the Mozilla web browser.
When I use https://<ip-address>:7880/httptest, it prompts "Website certified by unknown Authority" with all the info... There is a button "Examine Certificate" with 3 options: accept permanently, accept temporarily, or do not accept.
I accepted temporarily. Then I see another pop-up: Security error: "Domain name mismatch"
If you open the certificate, that's mine. After I click OK there is another alert: "could not accept an encrypted connection because certificate presented by <ip address> is invalid or corrupted. Error Code- 8182"
I thought the certificate was not good, so I moved to a different workstation and configured a local broker (Windows). It works fine on the workstation. If the server had a problem with the firewall, we shouldn't be able to communicate even over HTTP (successfully tested in the beginning).
Internet Explorer is throwing the following exception,
The requested URL could not be retrieved
The following error was encountered:
The request was rejected because it was connecting to an
unauthorized HTTPS port. Please contact your network administrator.
Which is the right place to look at SSL error logs?
Has anyone completed HTTP/SSL for WMB on AIX?
_________________
Thanks,
Venkat Kurra
IBM Certified Specialist-MQSeries
IBM Websphere MQSeries Administrator
IBM WebSphere Message Broker System Admin |
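The "Domain name mismatch" pop-up in the post above follows from the certificate itself: keytool put the answer to "first and last name" into the CN, and the browser compares the certificate's names with the host in the URL. The following is an added example, not part of the thread or of IBM's documentation, that models that comparison; the IP address and host name are constructed sample values, and the CN fallback is a simplified assumption about client behaviour.

```python
import ipaddress

# Subject DN exactly as keytool echoed it in the post above.
POST_DN = "CN=venkat kurra, OU=myorgunit, O=myorg, L=mycity, ST=il, C=us"

def parse_dn(dn):
    """Split a keytool-style DN into a dict (no escaped commas handled)."""
    attrs = {}
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        attrs[key.upper()] = value.strip()
    return attrs

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_match(pattern, host):
    """Case-insensitive match; '*' only as the entire leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_name(subject_dn, url_host, san_dns=(), san_ip=()):
    """Return (ok, reason) for the URL host against the certificate's names."""
    if is_ip(url_host):
        want = ipaddress.ip_address(url_host)
        if any(ipaddress.ip_address(i) == want for i in san_ip):
            return True, "IP address listed in subjectAltName"
    elif any(dns_match(d, url_host) for d in san_dns):
        return True, "host name listed in subjectAltName"
    cn = parse_dn(subject_dn).get("CN", "")
    # Assumption: with no SAN present, the client falls back to comparing the CN.
    if not san_dns and not san_ip:
        if cn.lower() == url_host.lower() or (not is_ip(url_host) and dns_match(cn, url_host)):
            return True, "CN matches URL host"
    return False, f"{url_host!r} matches neither CN {cn!r} nor any subjectAltName"

if __name__ == "__main__":
    # 192.0.2.10 and broker.example.com are constructed sample values.
    print(check_name(POST_DN, "192.0.2.10"))
    print(check_name("CN=broker.example.com, O=myorg", "broker.example.com"))
```

Generating the key with the broker's host name as the answer to "first and last name", and browsing to that host name rather than the IP address, makes the comparison succeed.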
venkat kurra |
Posted: Sun Jul 16, 2006 7:12 am Post subject: (Resolved)HTTP Nodes to use SSL on AIX |
|
|
 Master
Joined: 18 Oct 2001 Posts: 245 Location: Bloomington , IL
|
I saw the right message in the syslog,
Jul 15 01:22:32 clsfdv07 user:info WebSphere Broker v6001[811232]: (HTTPListener)[2314]BIP3132I: The HTTP Listener has started listening on port '7880' for 'https' connections. : SFDV07BRKR.httplistener: /build/S600_P/src/DataFlowEngine/NativeTrace/ImbNativeTrace.cpp: 816: startSecureHTTPSConnector: BROKER:BROKER.
It was a browser proxy setting issue.
Problem resolved.
_________________
Thanks,
Venkat Kurra
IBM Certified Specialist-MQSeries
IBM Websphere MQSeries Administrator
IBM WebSphere Message Broker System Admin |
manojsu |
Posted: Tue Dec 12, 2006 12:56 am Post subject: Importing external certificates into keystore |
|
|
Centurion
Joined: 19 Jul 2006 Posts: 147 Location: Bangalore
|
Please let me know the options to be specified for importing the external certificates into the keystore for https security implementation |